Abstract
Cooperative technological solutions for Distributed Denial-of-Service (DDoS) attacks are already available, yet organizations in the best position to implement them lack incentive to do so, and the victims of DDoS attacks cannot find effective methods to motivate them. In this article we discuss two components of the technological solutions to DDoS attacks: cooperative filtering and cooperative traffic smoothing by caching. We then analyze the broken incentive chain in each of these technological solutions. As a remedy, we propose usage-based pricing and Capacity Provision Networks, which enable victims to disseminate enough incentive along attack paths to stimulate cooperation against DDoS attacks.
- Ba, S., Stallaert, J., and Whinston, A. B. 2001. Research commentary: introducing a third dimension in information systems design---the case for incentive alignment. Information Systems Research 12, 225--239. Google Scholar
Digital Library
- Badishi, G., Keidar, I., and Sasson, A. 2004. Exposing and eliminating vulnerabilities to denial of service attacks in secure gossip-based multicast. In Proceedings of the International Conference on Dependable Systems and Networks (DSN'04), Palazzo dei Congressi, Florence, Italy, June, 223--232. Google Scholar
Digital Library
- Cavusoglu, H., Mishra, B. K., And Raghunathan, S. 2002. The effect of internet security breach announcements on market value of breached firms and internet security developers. Workshop on Information Systems and Economics Program, Barcelona, Spain, December.Google Scholar
- Chang, R. K. C. 2002. Defending against flooding-based distributed denial-of-service attacks: a tutorial. IEEE Comm. Mag. 40, 42--51. Google Scholar
Digital Library
- Currier, K. M. 2000. Comparative Statics Analysis in Economics, World Scientific Publishing Co.Google Scholar
- Ettredge, M. and Richardson, V. 2002. Assessing the risk in E-commerce. In Proceedings of the 35th Hawaii International Conference on System Sciences (HICSS'02) vol. 7, Big Island, Hawaii (January), IEEE Computer Society Press, Los Alamitos, CA, 194. Google Scholar
Digital Library
- Geng, X. and Whinston, A. B. 2000. Defeating distributed denial of service attacks. IEEE IT Professional 2, 36--41. Google Scholar
Digital Library
- Geng, X., Gopal, R., Ramesh, R., and Whinston, A. B. 2003. Scaling Web services with capacity provision networks. IEEE Comput. 36, 64--72. Google Scholar
Digital Library
- Geng, X., Gopal, R., Ramesh, R., and Whinston, A. B. 2005. Capacity provision networks: foundations of markets for internet caching. In Proceedings of the 10th INFORMS Conference on Information Systems and Technology (CIST), San Fransisco, CA (November).Google Scholar
- Geng, X., Huang, Y., and Whinston, A. B. 2002. Defending wireless infrastructure against the challenge of DDoS attacks. ACM J. Mobile Netw. Appl. 7, 213--223. Google Scholar
Digital Library
- Gupta, A., Stahl, D. O., and Whinston, A. B. 1999. The economics of network management. Comm. ACM 42, 57--63. Google Scholar
Digital Library
- Harvey, N. J. A., Jones, M. B., Saroiu, S., Theimer, M., and Wolman, A. 2003. Skipnet: A scalable overlay network with practical locality properties. In Proceedings of the Fourth USENIX Symposium on Internet Technologies and Systems, Seattle, WA (March). Google Scholar
Digital Library
- Huang, Y., Geng, X., and Whinston, A. B. 2003. Network mapping services for provisioning of decentralized web services: promises and issues. In Proceedings of the 2nd Workshop on e-Business, Seattle, WA (December).Google Scholar
- Ledyard, J.O. and Szakaly-Moore, K. 1994. Designing organizations for trading pollution rights, J. Eco. Behav. Org. 25, 167--196.Google Scholar
Cross Ref
- Kleinbard, D. 2000. More sites hacked in wake of Yahoo!. CNN Money News (Feb. 8), Published on the Web, <http://money.cnn.com/2000/02/08/technology/yahoo>.Google Scholar
- Mirkovic, J., Dietrich, J. S., Dittrich, D., and Reiher, P. 2005. Internet Denial of Service: Attack and Defense Mechanisms. Prentice Hall PTR, Indianapolis, IN. Google Scholar
Digital Library
- Naraine, R. 2002. Massive DDoS attack hit DNS root servers. Internetnews.com (Oct. 23), Published on the Web, <http://www.internetnews.com/dev-news/article.php/1486981>.Google Scholar
- Ng, T. S. E. and Zhang, H. 2002. Predicting Internet network distance with coordinates-based approaches. In Proceedings of IEEE INFOCOM 2002, New York, NY (June).Google Scholar
- Norton, W. B. 2002. A business case for ISP Peering, Published on the Web, <http://www.equinix.com/pdf/whitepapers/Business_case.pdf>.Google Scholar
- Saltzer, J. H., Reed, D. P., and Clark, D. D. 1984. End-to-end arguments in system design. ACM Trans. Comput. Syst. 2, 277--288. Google Scholar
Digital Library
- Stahl, D. O. and Whinston, A. B. 1994. A general economic equilibrium model of distributed computing. In New Directions in Computational Economics, Kluwer Academic Publishers, London, UK, 175--189.Google Scholar
- Wang, L., Pai, V., and Peterson, L. 2002. The effectiveness of request redirection on CDN robustness. In Proceedings of the 5th Symposium on Operating System Design and Implementation, Boston, MA (December), 345--360. Google Scholar
Digital Library
- Wang, X. and Reiter, M. K. 2004. Mitigating bandwidth-exhaustion attacks using congestion puzzles. In Proceedings of the 11th ACM Conference on Computer and Communications Security, Washington, DC (October), 257--267. Google Scholar
Digital Library
- Xiang, Y., Zhou, W., and Chowdhury, M. 2004. A survey of active and passive defence mechanisms against DDoS attacks. Tech. Rep., TR C04/02. School of Information Technology, Deakin University, Australia (March).Google Scholar
Index Terms
Defeating DDoS attacks by fixing the incentive chain
Recommendations
Defeating Memory Corruption Attacks via Pointer Taintedness Detection
DSN '05: Proceedings of the 2005 International Conference on Dependable Systems and NetworksMost malicious attacks compromise system security through memory corruption exploits. Recently proposed techniques attempt to defeat these attacks by protecting program control data. We have constructed a new class of attacks that can compromise network ...
Towards Defeating DDoS Attacks
CYBERSECURITY '12: Proceedings of the 2012 International Conference on Cyber SecurityDistributed Denial of Service (DDoS) attacks are attacks where a host of compromised systems are used to target a single system. This single system can be either an actual machine or a network resource. What makes these attacks so prevalent and hard to ...
Catabolism attack and Anabolism defense
Security is a major challenge in Opportunistic Networks (OppNets) because of its characteristics, such as open medium, dynamic topology, no centralized management and absent clear lines of defense. A packet dropping attack is one of the major security ...








Comments